TotalBlock

TotalBlock stops unwanted email, is server based and sits behind the corporate firewall and in front of the mail processor e.g. Microsoft Exchange.

It uses allowable and un-allowable lists of email addresses, domain address and IP addresses called 'rules' to determine wanted and unwanted email for an individual receiver. Wanted email is transparently and immediately passed to the mail system and on to the intended recipient. It is possible to implement rules at a site and receiver level.

The sender of unwanted email is challenged and the sender must take some action to enable the email to be sent to the intended recipient. Of course, most unwanted email is sent by computers and these are unable to respond to the challenge. In any event, the original email will remain in history until freed by the sender, the receiver or deleted after the user-determined history retention period has expired. In the case of a non-SPAM sender i.e. an individual who as a genuine interest in sending an email to the intended recipient, the sender will usually take the necessary action to ensure delivery. If the sender fails to take the action, the intended recipient can still access the email from a web-based interface that enables the intended recipient to view all of TotalBlock’s actions. The intended recipient can see who the email is from, who it is intended for (the recipient may have several email addresses), the date and time of arrival, if the sender received the challenge and what action, if any the sender took.

The intended recipient can themselves authorize senders, domains, IP addresses etc (create 'rules') through the same interface. TotalBlock can also automatically add senders to the allowable list when email is sent, making the product quite simple and efficient to use. Many users don’t look at the history and allow TotalBlock to manage itself.

TotalBlock sits in front of the mail system and thus blocks the unwanted email which can be as much as 90% of the total email received by the corporation. Thus there is a reduction on overall network loads and processing required to manage mail for both mail processing e.g. virus checking and archiving.

Finally, TotalBlock protects the mail system from storming and harvesting. TotalBlock will detect these activities and takes steps to force prevent their continuation. (see 'Other information...')

Product at a glance
Product type	TotalBlock’s principal function is to block unwanted email. As such its as much a utility as anything i.e. aids productivity for end users and system administrators. It also reduces virus since most viruses are associated with unwanted email, and controls storming and harvest attacks, so it can be viewed as a security tool as well.
Target Industry Sectors	All sectors flagged All of the above. TotalBlock is an aid to email system management, so its place is in the IT environment.
Fault tolerance	General consumer TotalBlock is used by any individual or corporation who has an issue with too high a volume of unwanted email, harvest attacks and network load, or on an IT environment where IT productivity is affected by continually trying to manage the unwanted email filters.
Innovation indicators	Breaking new ground Expanding horizons New Technology Social change or empowerment of users
Contact for more information	Ben Corby (02) 9437 9800
Performance indicators	Real user benefits
Contact for more information	Ben Corby (02) 9437 9800
Potential indicators	Designed for international use Enterprise structured for growth Success in home and export markets Working with International collaborators
Contact for more information	Peter Stewart (02) 9437 9800

The use of email has built up rapidly over the past few years such that it is now important as a means of quick and concise communication for both business and personal use. It quickly fell prey to virus senders who could cause mischief on an almost unprecedented scale by infecting firstly a small part of a network, enabling the spread of the virus through the whole system, making it sometimes inoperable. A further development was the ability for mass marketers and mischief makers to harvest legitimate email addresses and to send hundreds and thousands of emails to these addresses at very little cost. Because corporations and individuals were forced to use products (both hardware and software) to inspect an email for virus, it was a logical extension of the processing to also inspect the mail content for marketing, sales and pornography content and to “quarantine” the email if it looked like it fell into one of these categories i.e. undesirable or unwanted email.

The pitfalls of this approach are obvious. Valid mail can be interpreted to be of an undesirable type and vice-versa. This is not a large issue where the volume of unwanted mail is low, but as volumes have increased, it has become harder for users to find time to look at the quarantine folder and to check on the computer’s decision.

TotalBlock is innovative in that it establishes that the sender is a human i.e. the sender has responded to the request for action. This is a very different approach to filtering and stops the competition between the spammer and the developer of the filter. It is impossible for the spammer to get past TotalBlock.

TotalBlock is innovative in that it pushes the responsibility to validate the sender back to the sender i.e. the sender must take some action to be allowed to send email. There are some issues even with this approach; for example the sender may feel insulted at having to take this action. Accordingly, TotalBlock also provides functions for the recipient to check on their incoming email and to see what actions have been taken and also to authorize a sender without them even being aware that the is a blocking process in place.

TotalBlock is innovative in that it puts control of the recipient’s in-box back in the hands of the recipient. The web interface has functions for all levels of users to manage the rules and the processes. Because the recipient can manage their own mail, it means that the network administrators can focus on the network and its functions rather than concern themselves with individual users.

TotalBlock is innovative in that it can handle very large volumes of unwanted mail in that most unwanted mail can simply be ignored. It never even reaches a quarantine folder that requires the attention of the recipient to be sure that the filter has made the right decision. Also, all recipients on a mail system don’t have to use TotalBlock. TotalBlock can be set for only those users whose volume of unwanted email warrants the approach. This means that TotalBlock can apply right across a corporation with individual users making their own decisions in relation to their own email.

TotalBlock is innovative in that it enables a corporation to archive only wanted email. Even though storage is “cheap”, there are benefits on both storage and retrieval i.e. less storage and quicker retrieval. The volume of unwanted email might even mean that retrieval becomes possible as it might be too difficult otherwise. There is also a benefit in that the virus content is not stored to be accidentally retrieved at a later date.

There have been a number of technical challenges in the development of TotalBlock.

The first was to devise a way to not just filter unwanted email, but to stop it.

The idea for TotalBlock came from our own experience with unwanted email. When staff would leave, then their email address would be assigned to another employee in case important email would be received. In this way, most staff acquired a number of email addresses for which the trickle of unwanted email would quickly become a flood.

It became obvious that the filtering method wouldn’t work as the consumption of time to manage the email was more and not less as the receiver could not simply scan a folder and determine which was wanted email versus rubbish.

We came up with the blocking approach and as a result we needed to develop some techniques that would enable it to work effectively.

The most important of the TotalBlock processes is to ensure that there is no way a machine can respond to a challenge; if a machine can respond, then the solution fails. We analyzed the problem and several different challenge types immediately suggested them selves. The main types can be broken down to two categories:

A simple example of the first one is “If today is Monday, what was yesterday?”. It is possible for software to parse this sentence relatively easily, but answering it is much more complex. An example of the latter is a picture of a apple with the question “What is this object?”. It is very difficult for software to even get close to answering this type of question.

The “brute force” solution of trying every word in the dictionary would seem like a possible solution to both of the above examples, but such a solution would require many attempts. We could take the complexity one step further by making a question that needs a two word answer. Making even a brute force attempt take an inordinate amount of time.

Writing these types of challenges to a new email sender would require a human being, not a machine and they wouldn’t have to all be written at once, as the software could download new question at periodic intervals. Software could also be written to expand on a human generated question giving many more variation of a question type.

In both of the simple examples above there is one obvious flaw. They rely on the fact that the sender being challenged i.e. the email sender, has the ability to read and understand English. For a cognitive challenge to over come this problem, it has to be written in a universal language. A good universal language is mathematics. However this is an area where computers excel (putting most humans to shame!) and the end result could be that only the computers would be able to respond to the challenges which is certainly not what we want. For a visual recognition challenge to over come this problem, there is a need for universally recognized objects. A good set of universally recognized object are the letters of the alphabet. There aren’t very many of them so again a “brute force” attack would be relatively simple and fortunately we can use more than one. Eight would give us 208,827,064,576 possibilities.

At this point, we have determined to use the visual recognition of the alphabet as a solution, although there are still several issue to address. Optical Character Reading is the analysis of characters on a written page and has been around for many years. One of its first uses was for the conversion of written material to digital storage. However, optical character reading has many problems and today most storage of written material is done as an image not as text. Indeed, the very problems that optical character reading has are the areas we can exploit to ensure a software program can’t solve our challenges. These problems can be summarized as:

By ensuring the letters have no hard edges, overlap with other letters and varying their font, point size, spacing and rotation. We can take advantage of all these problems. Making our 208,827,064,576 combinations impossible for a software problem to understand and this is the approach taken.

Harvesting is the attempt to determine valid email addresses on an email server by trying many combinations of addresses. Harvesting relies on the fact that an email server is going to refuse email for invalid addresses.

A simple solution to defeat a harvest attack is to accept email for any address. Unfortunately, this has the side effect of accepting huge amounts of undeliverable email that uses up bandwidth and processing power.

So we don’t want to accept mail for unknown addresses, but we don’t want this negative response to be of value to a harvesting system. To do this we rely on the fact that a harvesting system has to try many combinations to be effective. With the speed computers and networks are today, trying thousands of combinations in a few seconds is easy. However, if we slow this process down, we can dampen the effect of an attack to such a level that it becomes worthless. For example, by taking 60 seconds to respond negatively to an invalid address we can ensure that a harvesting system can only try 60 email addresses an hour. Conversely, there is no impact of taking 60 seconds to respond to a human’s incorrectly addressed email. By varying this response time for both positive and negative replies, we can also make it impossible for a harvesting system to assume a negative reply because a fixed amount of time has passed so there is nothing they can do but wait for a response. Incidentally, all harvesting systems we have seen attempt to harvest our system have given up after about 4 attempts.

We can go on at length with details of all the challenges faced; rather than do so, we have provided a list and are happy to discuss any of the above items, or this list as required.

The first performance benefit is that there is an immediate productivity gain for the TotalBlock user.

For example, if the user has implemented a product that scans mail and puts suspect mail in a quarantine folder, most users will either ignore the folder or simply delete all the contents of the quarantine folder on a periodic basis.

The issue is that the sender does not know the email has been quarantined and subsequently deleted. The sender will continue with the belief that that recipient has received the mail. The recipient on the other hand, has either deleted it or allowed it to be deleted. At some point, if the sender is serious about the recipient getting the email, the sender will contact the recipient to determine if the mail as been received and what has been done about it. This can occur regardless of the number of times that the sender has sent emails to the recipient.

The productivity gain for the user is created by the fact that TotalBlock sends a message to the sender, requesting them to be authorized. If the sender doesn’t understand the message, the sender will contact the recipient, or the sender will authorize and free the mail. In either case, the sender is fully aware that the message has not gone through. The productivity gain is that the sender and the receiver are not caught in the “did you send it?”, “did you get it?”, “why haven’t you done anything about it?” and the email administrator is not sent off looking into logs that are sometimes days old, looking for lost emails.

The second productivity gain relates to the administrator. There are no lists to maintain, to download or to tweak. Users are responsible for their own email, so the administrator is not caught up in an endless cycle of tweaking filters i.e. tightening and loosening them. Such administrators are forever trying to keep balance between sets of disparate user requirements. Also, it is rare that a user will contact an administrator in relation to email since they have a history log of all TotalBlock’s activity.

One individual received 3,547 email in the period of which 95% were blocked. That's an average of 214 unwanted email per day; the maximum day for that user was 304!

The overall average was 15 unwanted email per day. Even so, volumes are up from the last time we measured in August-September 2005, when the overall average was 7 per day.

The higher the SPAM, the less likely that the challenge message is received by the sending server ie the sender server does not "exist". Only one user received 100% positive responses from the server to the challenge message where the volume of SPAM was an average of 8 per day; the average for all users was 60%.

Many of our users are getting over 20 per day and there is no way filtering and quarantining techniques can cope with this volume. Users don't have the time to inspect quarantine folders and will simply "select all, delete".

TotalBlock’s delivery to its potential has more to do with recognition of its benefits than with anything else; challenge-response (the generic name for TotalBlock’s approach) has to be seen to suit the needs of both large and small corporations trying to cope with “unusual” volumes of SPAM. Usual volumes are 2-3 unwanted emails a day; most products and individuals can cope with this volume. Most of TotalBlock’s current customers are getting 10-15 unwanted emails each day and it is the unrelenting nature of having to manage the unwanted emails that steer customers to TotalBlock.

New Millennium is working hard to get “traction” in the local market and is hampered with the usual issue of competing with the larger companies. For example, corporations that have installed anti-virus and anti-spam solutions will need to be stressed by higher volumes of spam to include a solution such as TotalBlock. The network or security administrators will say “I have installed the best of available solutions” and will not consider the new technology or approach.

Individual users in a corporation who get high volumes are often not reason enough to investigate new technology as the individual users are usually no longer considered by IT once a solution is in place. In the case of a smaller IT situation, IT is reluctant to make change as change normally causes problems. There has to be compelling reason to change an email environment and that compelling reason usually has to be the general failure of the filtering approach across the broad spectrum of users. New Millennium’s experience and that of its clients is that the unrelenting nature of unwanted email is more of a cause for change than its volume and that most users will look for relief at 5 or more unwanted emails per day on average.

New Millennium has a TotalBlock distributor in the Philippines and they seem to be able gain access to the corporations for whom filtering has failed. It may be that the problem is more serious in Manila and this may extend to other countries. They have about twenty good prospects across industries like finance and banking, education and manufacturing.

It may also be that New Millennium can partner with other products or companies who are selling to the same market and who are either trying to expand their product range, existing product’s functions or assist their clients with either network security or performance issues.

New Millennium is also adding some features and functions to TotalBlock that assist with more than spam management. (See “Other information etc”)

In addition to patents that are already held that enable “intelligent spam management”, New Millennium is investigating some additional user features that will enable individual users to take more control of their in-box. New Millennium’s intent for TotalBlock is that administrators do less and users do more. The idea is to “empower” the users in relation to their own mail and the administrator becomes free to manage the more serious issues of traffic and security.

Also, New Millennium is planning features that will assist network and email administrators.

1. New Millennium has nearly completed a version of TotalBlock that will be self installing. The idea is that the network administrator does not need to know anything about the environment and TotalBlock will itself determine the physical relationships between the mail system and the firewall.

2. Unwitting computers are often taken over by spammers who then deluge an email server with spam. TotalBlock does not have to read the content of an email to determine it is unwanted so it can terminate an SMTP connection before the content has been received. So each spam email only uses up a few bytes of bandwidth instead of several kilobytes.

3. New Millennium has also added delivery technology features designed to circumvent other anti-spam email systems that stop legitimate email.

www.totalblock.net contains a lot of material like white papers, product samples and walk through’s.

Peter Stewart
CEO

pstewart@new-ms.com

0411 227 375

New Millennium Solutions Pty Limited

Level 2, 35 Hume Street, CROWS NEST NSW 2065

www.totalblock.net

This web-site uses frames, click here for the full picture
End of page